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| QUICK START 


RACF Event Subsystem 


Before installing Novell Nsure™ Identity Manager Driver for MVS* RACF* components, obtain the 


latest support pack and product updates, and review the Release Notes and Readme files. 


REQUIRED KNOWLEDGE AND SKILLS 

Successful installation of the RACF Event Subsystem requires MVS system programming 
expertise. Successful deployment of Novell Nsure Identity Manager Driver for MVS RACF requires 
a thorough understanding of Nsure Identity Manager and of the MVS RACF driver, and a complete 
understanding of the technical and business standards, conventions, processes, practices, and 


procedures used by the local installation. 


¢ For detailed information about Nsure Identity Manager, see the Novell Nsure Identity 
Manager documentation Web site (http: //www.novell.com/documentation/lg/dirxml20). 


¢ For detailed information about the MVS RACF driver, see Novell Nsure Identity Manager 
Driver for MVS RACF Implementation Guide (http: //www.novell.com/documentation/lg/ 
dirxmldrivers/index.html). 


SOFTWARE REQUIREMENTS 
+ Any OS/390* or z/OS* release supported by IBM* 


+ RACF 1.9 or later 


INSTALLING THE RACF EVENT SUBSYSTEM 
Install the RACF Event Subsystem on each MVS system that shares the RACF database. 


1 Set up the libraries on your MVS system. 


The RACF Event Subsystem is packaged as TRANSMIT unloaded MVS partitioned data sets 
(PDS). 


¢ Samples Library: LDXSAMP.XMT 


¢ Load Library: LDXLOAD.XMT 
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To prepare the samples library and load library for use, use ftp to upload these files to your 
MVS system from a PC or file server. 


1a FTP your-MvS-hostname 
1b Authenticate to MVS using your user ID and password. 
1c QUOTE SITE LRECL=80 RECFM=FB 


1d_ If you need the files to be stored on a specific disk volume, enter 
QUOTE SITE VOL=volser 


1e BINARY 

1f PUT LDXSAMP.XMT 

1g PUT LDXLOAD.XMT 

1h QUIT 
2 Use the TSO RECEIVE command to unpack the samples and load library data sets. 
3 Add the LDX load library to your APF list. 


4 Customize and run the LOGINIT job in the samples library to allocate and initialize the 
Change Log data set. 


5 Set up the Change Log Started Task by copying and customizing member LDXLOGRP from the 
samples library to your started task procedure library. 


You can give the Change Log Started Task a different name if necessary. 


Start the Change Log Started Task during your IPL procedure before user processing begins. 
Stop the Change Log Started Task during your system shutdown procedure after all user 
processing has ended. 


6 Authorize the LDXSERV TSO command by adding LDXSERV to the list of APF authorized TSO 
commands in your PARMLIB IKJTSOxx member. 


7 Install the LDXPROC TSO logon procedure by copying member LDXPROC from the samples 
library to your TSO logon procedure library. 


You can give the logon procedure a different name if necessary. 
8 Create an administrative user ID for the driver TSO session (once for each RACF database). 
8a Define the user with the ADDUSER command. 


Specify values for the various parameters as appropriate for your standards. Specify the 
name of the logon procedure that you prepared in Step 7. There are no restrictions 
placed by the driver on the name of the user ID. 


The user ID used by the driver must be given the RACF SPECIAL and TSO attributes, and 
must have no restrictions placed on it that could prevent its intended processing. 


Example: 


ADDUSER LDXUSER DFLTGRP (mygroup) - 
NAME ('RACF DRIVER') PASSWORD(initial) SPECIAL - 
TSO (PROC (LDXPROC) SIZE(32768) 


8b Set the password of the user ID to never expire. 
Example: 


PASSWORD USER(LDXUSER) NOINTERVAL 


8c Reset the password of the user ID and mark it not expired. (RACF marks the value 
specified on the ADDUSER command as being expired.) 


Example: 


ALTUSER LDXUSER NOEXPIRED PASSWORD (xxx) 


When you set up the Driver object, you specify the user ID and password you create here. 
9 Test the RACF Event Subsystem before installing the RACF exits. 
9a Start the Change Log Started Task. 
9b Log on to TSO using the adminsitrative ID you created for the driver. 


9c Issue the command 
LDXSERV STATUS 


Examine the output of the command. You should see information about the cross 
memory queue, information about the Change Log Started Task, and a valid, empty 
Change Log data set. 


10 Install LDXEVX01, the Common Command exit, using the Dynamic Exit Facility. 


For testing, we recommend that you set up two PROGxx members in SYS1.PARMLIB (or 
equivalent), to allow for easy removal of the exit if desired. 


10a Edit SAMPLIB members PROGAD and PROGDL. Change <LDX load library> to your LDX 
load library name. 


10b Copy these two members to your system PARMLIB data set. If you already have a 
PROGAD or PROGDL member, rename the LDX members to a PROGxx name that’s not 
in use. 


10c When ready, use the console command SET PROG=AD to activate LDXEVX01 as an 
IRREVX01 exit point. 


10d To uninstall the LDX exit, issue SET PROG=DL as a console command. 
For permanent installation, do one of the following: 


+ Add the EXIT ADD statement in PROGAD to your production PROGxx PARMLIB member. 


+ Adda SET PROG=AD command to CONSOLOO or an automation script, so that it is issued 
during your IPL procedure. 


11 Install ICHRIXO2, the RACROUTE REQUEST=VERIFY(X) (RACINIT) postprocessing exit. 


+ If you do not have an existing ICHRIX02 exit, run the job in the samples library member 
RIXOA. This job uses SMP/E to linkedit LDXRIX02 into SYS1.LPALIB as exit ICHRIX02. 


+ If you have an existing ICHRIX02 exit, update samples library member RIXOB as 
appropriate. RIXOB installs a router that calls the driver postprocessing exit and your 
existing exit. 


12 After you have installed LDXEVX01 and ICHRIX02, IPL the MVS system with the CLPA option. 
13 Test the completed RACF Event Subsystem installation. 
13a Start the Change Log Started Task. 
13b Perform some actions to exercise the two RACF exits and create some sample events. 
+ Change a password using the logon screen. 
+ Create new user ID. 
13c Log on to TSO using the administrative user ID you created for the driver. 


13d Issue the command 
LDXSERV STATUS 


Examine the output of the command. You should see the RACF exits loaded, 
information about the cross memory queue, information about the Change Log Started 
Task, and a valid, non-empty Change Log data set. 
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